Director of Information Security
$150,000 - $160,000/Yr
Gannett - McLean, VA
posted about 1 month ago
Full-time - Senior
McLean, VA
Publishing Industries
About the position
The Director of Information Security at Gannett is responsible for leading the security engineering, incident response, and identity management teams to safeguard the company's digital assets and infrastructure. This strategic role requires a deep understanding of cybersecurity, incident response, and risk management, along with a proven track record in leading security initiatives and managing a team of security professionals.
Responsibilities
- Develop and implement security strategies to protect Gannett's digital assets.
- Lead and mentor a team of architects, engineers, and analysts to foster a culture of security awareness and continuous improvement.
- Oversee the design, implementation, and maintenance of security systems and infrastructure.
- Lead the cybersecurity incident response team, ensuring rapid and effective response to security incidents.
- Collaborate with other departments to ensure security measures are integrated into all aspects of the company's operations.
- Conduct regular security assessments and utilize continuous monitoring technology to identify vulnerabilities and implement corrective actions.
- Prepare, document, and maintain standard operating procedures, organization standards, and policies.
- Manage and optimize SIEM & logging tools to ensure comprehensive security monitoring and incident detection.
- Oversee vulnerability management and EDR/XDR toolsets to identify and mitigate security threats proactively.
- Implement and manage Identity & Access Management (IAM) and Privileged Access Management (PAM) solutions to safeguard sensitive information.
- Maintain cybersecurity metrics and key performance indicators (KPIs), and report regularly to senior management.
- Stay current with security trends, threats, and technology solutions.
- Ensure compliance with relevant regulations and standards, including NIST, SOX, PCI, SOC2, HIPAA, and others (e.g. CCPA, GDPR, ISO).
- May require off-hours work when responding to security threats.
Requirements
- Bachelor's degree in computer science, Information Security, or a related field preferred; advanced degree preferred or industry certification.
- Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
- Strong knowledge of security frameworks and standards (e.g., NIST CSF 2.0, OWASP TOP 10, CIS CSC, MITRE ATT&CK, etc.).
- Experience with cloud security, network security, and application security.
- Excellent problem-solving skills and the ability to work under pressure.
- Strong communication and interpersonal skills, with the ability to collaborate effectively across departments.
- Relevant certifications such as CISSP or CISM are required.
- Proficiency in managing Microsoft security products, including Microsoft Defender, Microsoft Entra, Azure Security Center, and Microsoft Sentinel.
Benefits
- Annual salary range between $150,000 and $160,000.
- Variable compensation may be applicable based on the role.
